Multi-engine AV vs single engine

Discussion in 'other anti-virus software' started by aztony, May 11, 2013.

Thread Status:
Not open for further replies.
  1. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    I remember reading a while back, an article that claimed multi-engine AVs tended to be less efficient/proficient than their single engine counterpart(s), based on performance score averages. Is it true? What is your preference in that area, and why? Thanx.
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Instead of going multi-engine I prefer to go multi-layered with security software on different levels. It's much more efficient because if the AV fails, there's one or more layers left to defend against the potential threat. AVs are the resource hungry part of the defense, so a multi-layered defense is preferable to multi-engine AV.
     
  3. guest

    guest Guest

    Do note that multi-engine real-time AVs are quite demanding. You'll need some more firepower than running a traditional AV.

    TBH, I am wondering who started this gimmick. It doesn't do much IMO. Except probably HMP, but that isn't a real-time AV.
     
  4. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    I don't have a preference for multi-engine AVs, but I can say that EAM runs very well on a couple of my systems. Its performance seems to be as good or better than some single engine AVs that I have used. I think that Emsisoft removes their in-house definitions that overlap with Bitdefender. Perhaps other vendors that use multiple outsourced engines would have a harder time avoiding overlap.
     
  5. guest

    guest Guest

    Is it just me, or I think it's about time for Emsisoft to fully develop their own engine so that they no longer need to add any partner engines. Dual/multi-engines sound kinda bloated. Dunno about the market share of AVs which use multi-engines though.
     
  6. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Money, and ease of use.
     
  7. Motherroad

    Motherroad Registered Member

    Joined:
    Feb 13, 2006
    Posts:
    234
    Location:
    Florida
    Depending on the AV you choose there are a few multi engine AV programs that have the AV and behaviour blocking and HIPS all rolled in. F-Secure has a very good combination of layered protection in its AV. Also has Deepguard that appears to be quite effective.
     
  8. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    I agree.
    In my opinion, F-Secure is the "best" among all AV's at this time.
     
  9. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    265
    Location:
    USA
    Doesn't F-Secure have moderately high false positives?
     
  10. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Not in my experience o_O
    Actually, I could count with the fingers of my hands the times I encountered a false positive on any antivirus I've ever used before now.
     
  11. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,101
    Nope

    False Alarm Tests

     
  12. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    not in my experience and in the small number I have had they fix them very quickly.
     
  13. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I think how effective a multi engine AV could be really depends on which engines are in use. I remember Coranti (no longer exists afaik) it used 4 engines and it was on top at least once on the VB RAP test, while Trust Port another multi-engine AV (I think 3 engines) came close behind Coranti in that same test. Coincidence? Yes that's very possible.

    Personally I like single engine AV's best anyway :)
     
  14. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    My appreciation to everyone who responded, your opinions and insights are of great value. I am set to give Baidu AV a try on my XP rig, once it is out of beta. It'll be the 1st time I've used a multi-engine AV. We'll see. Thanx again.
     
  15. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    You're welcome, and good luck in your hunt for the perfect AV ;)
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I said here, years ago, that multi-engines was the way to go, and caught heck for it. But depending on how used, it is still the best solution for AV scanning and Hitman Pro proved it.
     
  17. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,101
  18. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    What I was inquiring about were AVs of multi-engine design, e.g. Baidu. I wasn't referring to having multiple AVs like a resident scanner, on demand scanner, etc. Presumably an AV solution featuring a multi-engine approach will not face compatibility issues because the engines would've been designed to work in concert with each other.
     
  19. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,697
    Location:
    Zagreb, Croatia
  20. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    Multi-engine isn't necessarily better than a single one, but I guess some vendors don't have the ability to develop a good one of their own so they license a bunch of them, or even if they do, find it more convenient to support the licensed one with auxiliary engines and/or split different detection duties between them. It can also be flexible in that sometimes one or more engines can be shut down to improve performance.
    -----------------------------------
    F-Secure in 1998.
     
    Last edited: Nov 6, 2013
  21. gugarci

    gugarci Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    288
    Location:
    Jersey
    I use Emsisoft. Great detection rate and runs great on old PC's. I have EAM and Online Armor Premium running on an 8 year old P4 3.2 hz using XP Pro. Computer works well.
     
  22. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    I generally prefer single engine but I do like f-secure. I feel that f-secure would be an even better product if they got rid of the bitdefender engine and focused on improving their own tech which is already very good, and then they would have more control of their product and can further refine it.
     
  23. guest

    guest Guest

    And I don't remember what I've asked lol. But thanks for that. Well, guess I'm just getting older. :D

    I still think it doesn't do much. But at least it's still better than using completely two or more different AV programs at the same time in the same computer.
    https://www.wilderssecurity.com/showpost.php?p=2284948&postcount=27
     
  24. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    What shadek said, IMO. You want to have several layers of defense, rather than focusing everything on one layer.

    A typical automated browser attack these days might look roughly like this, for instance:

    Stage 1: a bad Flash or Java applet runs.
    --> This can be prevented if the applet never runs. (Click-to-play, JS whitelist, Noscript, etc.)

    Stage 2: the attacker gains access to the plugin's thread.
    --> If the exploit is already patched, and the plugin is up to date, this won't happen; likewise if you use EMET, and the exploit is of a type that EMET can block.

    Stage 3: the attacker uses the compromised process to access the filesystem.
    --> Sandboxie, IE or Chrome sandboxes, etc. can contain the damage here.

    Stage 4: the attacker uploads a malicious binary to your filesystem, and runs it. The binary invokes whatever other exploits are needed to achieve persistence.
    --> This is where an antivirus usually works, recognizing the bad executable and preventing it from running.

    My opinion is that it's preferable to have a contingency plan at each of those layers. e.g. for browsing:
    - an up-to-date copy of Chrome (layers 2 and 3)
    - plugins (and JS if convenient) disabled except for whitelisted sites (layer 1)
    - an antivirus (layer 4)
    would probably work better than a pile of security apps all targeting layer 4.

    That's my 2 cents worth, anyway.

    tl;dr: Don't splurge on an overpriced security suite that has multiple engines or whatnot. Instead, spend a little more time making sure the rest of your system - not just your AV - is set up securely.
     
  25. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    I couldn't disagree more.

    Relying on the Bitdefender engine in terms of detection by signature frees up a lot of resources. There is no need to reinvent the wheel here. The best case scenario would be an equal engine at a much greater cost. Instead F-Secure can focus on their proactive detection technology called DeepGuard. Same goes for companies like Emsisoft with EAM. They can focus on further improving their already outstanding behaviour guard. This is where the real protection is. The rest of the resources can be allocated for personnel to optimize the stability and performance of the product.
     